Firmware release procedures

From OLPC
Revision as of 18:07, 20 October 2006 by Cjb (talk | contribs)
Jump to: navigation, search

Release procedure

Here is a draft of a BIOS release procedure.

Stage one: EC:

  • Quanta e-mails EC release and changelog to the OLPC BIOS contact, signed and encrypted with PGP
    • see notes below
  • Quanta and OLPC test this version of EC

Stage two: Buildrom:

  • Pull EC release from http://dev.laptop.org/pub/ec/, check hashes
  • Update buildrom changelog and tag for release
  • Update SPI flash version string in buildrom binary
  • Create buildrom SRPM
  • Build two flavors of binary RPM for the two RAM variants

Stage three: Testing:

  • announce build to BIOS team and Ray, release candidate testing begins
  • test on a 256M board
  • install the binary RPMs on Tinderbox machines
  • >12 hours of burn-in warm reboot testing on Tinderbox
  • cold boot tests
    • we need a cold boot solution; X10 doesn't seem to like the power at OLPC
  • After automated tests, send "Who has tested?" mail asking for problem reports
  • Release after twelve hours if no problem reports

Stage four: Release:

  • Release builds kept in a separate directory
  • Update the version number in LB from release candidate to final
  • Announce new build and hashes to devel-boards@ (requires moderation).

Using PGP for EC code

For first release only

Download and run ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.5.exe

Download and install Thunderbird from http://www.mozilla.com/thunderbird/

Download Enigmail from http://www.mozilla-enigmail.org/downloads/enigmail-0.94.1.1-tb15-linux.xpi

Download http://dev.laptop.org/pub/ec/olpc-bios-key.pub ; this will be the key that the mail is encrypted to.

Run Thunderbird

Set up an e-mail account; when asked for name, use "Quanta OLPC BIOS"

Tools menu->Extensions:

  • Click install, find downloaded Enigmail .xpi
  • Restart Thunderbird

OpenPGP menu->Key Management:

  • choose "No", don't use wizard
  • Generate menu->new key pair:
    • Enter passphrase twice
    • Set key expiry to 2 months
    • Supply key fingerprint to OLPC out-of-band
    • It is vital that the private key file (secring.gpg) is kept secure, and is not distributed from the computer it was created on

Tools menu->Account Settings->OpenPGP Security:

  • OpenPGP support should be enabled
  • Check "Encrypt messages by default" and "Sign encrypted messages by default"

Tools menu->Account Settings->Copies & folders:

  • Uncheck "Place a copy in"

Tools menu->Account Settings->Composition & Addressing:

  • Uncheck "Compose messages in HTML format"

OpenPGP menu->Key Management:

  • File menu->Import keys from file
  • Choose the downloaded olpc-bios-key.pub file

For subsequent releases

Click "Write":

  • To: bios@laptop.org
  • OpenPGP menu->"Send My Public Key"
  • Attach changelog
  • Attach EC file
  • Click "Send"
  • Choose "inline pgp"
Retrieved from "http://wiki.laptop.org/mediawiki/index.php?title=Firmware_release_procedures&oldid=14217"